The GDPR (otherwise known as the EU General Data Protection Regulation 2016) came into effect on 25 May 2018. It is designed to protect and empower European citizens with regard to the handling of their personal data. It enhances people's rights and places greater obligations and sanctions on organisations.
The UK's Data Protection Act 2018 provides additional duties and is supplementary to the GDPR. UK organisations will still be required to comply with the GDPR when the UK leaves the European Union.
Schools and other organisations that handle personal data.
There are new requirements to investigate and notify the Information Commissioner's Office (ICO) and data subjects about data breaches. Don't be caught out!
Data subjects have the right to receive compensation if they suffer damage or distress as a result of a breach involving their data, and organisations can be fined up to £17.5 million!
Schools must appoint a Data Protection Officer - they can be an employee or an external person they outsource the role to.
There are tighter rules around obtaining consent from adults and children.
People have new and enhanced rights. Here's a short overview about some of them.
There are several new obligations for schools to fulfil under the GDPR.
Copyright © 2019 Firebird Data Protection Consultancy - All Rights Reserved.